[SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?

Pranathi Venkatayogi pvenkatayogi at cyracom.com
Wed Jan 25 23:09:31 CET 2017


By setting $du, I was able to force proxy1 to use TLS instead of UDP.

$du = "sip:ip:port;transport=tls";
t_relay();

Thanks Daniel for your input.

From: Pranathi Venkatayogi
Sent: Wednesday, January 25, 2017 8:25 AM
To: 'miconda at gmail.com' <miconda at gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users at lists.sip-router.org>
Subject: RE: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?

I am attaching all the information needed:

Here is the INVITE sent by the customer:
10.11.200.21:58822 -(SIP over TLS)-> 10.0.16.52:5061
INVITE sip:spanish at translation.sms-test.cyracom.com SIP/2.0
Via: SIP/2.0/TLS 10.11.200.21:58822;rport;branch=z9hG4bKPj40846ca84d834aeb9d6ae838e7d01166;alias
Max-Forwards: 70
From: "cust1" <sip:cust1 at devtranslation.sms-test.cyracom.com>;tag=46715a1fbe9c4d06a04ecf7e48997955
To: <sip:spanish at translation.sms-test.cyracom.com>
Contact: <sip:64715890 at 10.11.200.21:58825;transport=tls>
Call-ID: a6a27f5f13a147ff82f48fde3789838e
CSeq: 6098 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Proxy-Authorization: Digest username="cust1", realm="devtranslation.sms-test.cyracom.com", nonce="WIfTSliH0h4rWzCg73Myws7fCOgYpwHyAg5IxIA=", uri="sip:spanish at translation.sms-test.cyracom.com", response="391c1e155da5949698501a379b9037a3"
Content-Type: application/sdp
Content-Length:   359
v=0
o=- 3694256158 3694256158 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3dc0380f6ef30157c39c;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Here is the INVITE received by the agent. As we see, transport=tls is set correctly. The question is why, and who, is inserting the Via header to be UDP port 5060. 10.0.16.52 is proxy1's IP address. The strange thing is that proxy1 has a TLS connection with proxy2 and still it is sending via UDP.
172.31.211.31:5061 -(SIP over TLS)-> 10.0.27.108:60894
INVITE sip:20745891 at 10.0.27.108:60896;transport=tls SIP/2.0
Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0
Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1
Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias
Max-Forwards: 68
From: "cust1" <sip:cust1 at devtranslation.sms-test.cyracom.com>;tag=7bbc8a1c90e94d96b3360223ce815d50
To: <sip:spanish at translation.sms-test.cyracom.com>
Contact: <sip:64715890 at 10.11.200.21:59045;transport=tls>
Record-Route: <sip:63.149.103.72:5060;transport=tls;lr;nat=yes>
Record-Route: <sip:10.0.16.52:5061;transport=tls;lr;nat=yes>
Call-ID: f1f4cb291ee44c11b3eda6c6801c1d22
CSeq: 28943 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Content-Type: application/sdp
Content-Length:   359
v=0
o=- 3694259050 3694259050 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3fe6e776d38e70ffc529;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active

Attached is the nslookup output of the proxy2 domain.


From: sr-users [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla
Sent: Wednesday, January 25, 2017 12:17 AM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.sip-router.org>
Subject: Re: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?

Hello,

first thing: do not reply to other emails from the mailing list, create a new one -- at the end of your message is a previous email from the list. It keeps the conversation clean, doesn't mess up the email thread id and also makes it easier to understand what it's all about (and less bandwidth) on mobile devices.

You would have to provide the sip packet (the invite) to understand what happens there. The support of TLS can be discovered via DNS lookup (NAPTR+SRV) or the transport can be enforced in the r-uri with transport=xyz parameter.

Cheers,
Daniel


On 24/01/2017 20:01, Pranathi Venkatayogi wrote:
Hi,
  I have two instances of Kamailio acting as edge proxies. One on the customer side and one on the agent side.
  Like: customer -> proxy1 -> proxy2 -> agent.
  Both customer and agent are registered to proxy1/proxy2 via TLS.

  However when proxy1 forwards to proxy2, it is using UDP. How can I force it to use TLS?
  Attached is the result of nslookup on the domain: translation.sms-test.cyracom.com.




--

Daniel-Constantin Mierla

www.twitter.com/miconda -- www.linkedin.com/in/miconda

Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com

Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
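
Added example, not part of the original thread and not Kamailio code: a Python check that walks the Via chain of a received request and reports any hop that received it over TLS but forwarded it over a cleartext transport, which is how the UDP hop at 10.0.16.52 appears in the INVITE above. The sample message is constructed from the Via headers quoted in the thread, the "after fix" variant is an assumed shape, and the function names are hypothetical.

```python
import re

# Constructed sample: request line and Via headers of the INVITE the agent
# received in this thread (top Via = last hop); other headers omitted.
RECEIVED_INVITE = (
    "INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0\r\n"
    "Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1\r\n"
    "Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias\r\n"
    "Max-Forwards: 68\r\n\r\n"
)
# Assumed shape of the same hop once proxy1 forwards over TLS (constructed).
AFTER_FIX = RECEIVED_INVITE.replace("SIP/2.0/UDP 10.0.16.52", "SIP/2.0/TLS 10.0.16.52:5061")

SECURE = {"TLS", "WSS"}  # transports treated as encrypted hop-by-hop
VIA_VALUE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;,\s]+)", re.I)


def via_hops(message):
    """Return [(transport, sent_by)] from the top Via (last hop) down to the originator."""
    hops = []
    for line in message.splitlines():
        if not line.strip():
            break  # blank line ends the headers; the body is not scanned
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):  # "v" is the compact header form
            # One header line may carry several comma-separated Via values.
            for m in VIA_VALUE.finditer(value):
                hops.append((m.group(1).upper(), m.group(2)))
    return hops


def downgraded_hops(message):
    """Report hops that received over a secure transport but forwarded over an insecure one."""
    hops = via_hops(message)
    findings = []
    # hops[i] shows how an element sent the request; hops[i + 1] shows how it received it.
    for (sent_proto, sent_by), (recv_proto, _) in zip(hops, hops[1:]):
        if recv_proto in SECURE and sent_proto not in SECURE:
            findings.append((sent_by, recv_proto, sent_proto))
    return findings


if __name__ == "__main__":
    for sent_by, recv, sent in downgraded_hops(RECEIVED_INVITE):
        print(f"{sent_by}: received over {recv}, forwarded over {sent}")
```
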